Sending a password to a terminal

ABSTRACT

A mechanism is provided for sending a password to a terminal. A password send request is received. The status of each of a plurality of terminals coupled to the information processing device via a network is acquired. On the basis of the acquired statuses, at least one item is selected from a group comprising the terminal serving as a destination for the password, the communication method with the terminal, or the method for inputting the password in the terminal. The password is then sent to the selected terminal via a network.

BACKGROUND

The present invention relates to an information processing device,terminal, program, and method for sending a password to a terminal.

Information processing devices are known in which users and terminalsare authenticated on the basis of a password inputted using a terminalas disclosed in Patent Publication No. 2004-259020.

SUMMARY

However, because it cannot be determined whether a terminal isauthenticated on the basis of a password obtained from a terminalselected by a user in advance, the accuracy with which users andterminals are authenticated is inadequate.

In one illustrative embodiment, a method, in a data processing system,is provided for sending a password to a terminal. The illustrativeembodiment receives a password send request. The illustrative embodimentacquires a status of each of a plurality of terminals coupled to theinformation processing device via a network. The illustrative embodimentselects the terminal from the plurality of terminals based on theacquired statuses using at least one item from a group comprising theterminal serving as a destination for the password, the communicationmethod with the terminal, or the method for inputting the password inthe terminal. The illustrative embodiment sends the password to theselected terminal via a network

In other illustrative embodiments, a computer program product comprisinga computer useable or readable medium having a computer readable programis provided. The computer readable program, when executed on a computingdevice, causes the computing device to perform various ones of, andcombinations of, the operations outlined above with regard to the methodillustrative embodiment.

In yet another illustrative embodiment, a system/apparatus/device isprovided. The system/apparatus/device may comprise one or moreprocessors and a memory coupled to the one or more processors. Thememory may comprise instructions which, when executed by the one or moreprocessors, cause the one or more processors to perform various ones ofand combinations of, the operations outlined above with regard to themethod illustrative embodiment.

These and other features and advantages of the present invention wilt bedescribed in, or will become apparent to those of ordinary skill in theart in view of, the following detailed description of the exampleembodiments of the present invention.

This summary of the present invention is not intended to enumerate allof the required characteristics of the present invention. The presentinvention may be realized by any combination or sub-combination of thesecharacteristics.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a configuration example of an entire information system 10.

FIG. 2 is a configuration example of an entire information processingdevice 12.

FIG. 3 is a configuration example of a terminal 14.

FIG. 4 is a flowchart of the confirmation process performed by theinformation processing device 12 on the terminal 14.

FIG. 5 is an example of a terminal status table storing the statuses ofterminals 14.

FIG. 6 is an example of a terminal status table including riskdetermination results on the statuses of terminals 14.

FIG. 7 is an example of application information including applicationrisk configurations.

FIG. 8 is another example of statuses of terminals 14.

FIG. 9 shows an example of a hardware configuration for a computer 1900related to the embodiment.

DETAILED DESCRIPTION

The following is an explanation of the present invention with referenceto embodiments of the present invention. However, the presentembodiments do not limit the present invention in the scope of theclaims. Also, all combinations of characteristics explained in theembodiments are not necessarily required in the technical solution ofthe present invention.

FIG. 1 is a configuration example of an entire information system 10. Asshown in FIG. 1, the information system 10 includes one or moreinformation processing devices 12 and one or more terminals 14. Theinformation processing devices 12 and the terminals 14 are connected viaa network 16 so as to be able to send and receive information such aspasswords.

In the information processing system 10, an information processingdevice 12 authenticates a user U or terminal 14 on the basis of apassword PW obtained from the terminal 14 and the status of the terminal14. For example, when an information processing device 12 obtains apassword send request from the user U of each terminal 14 and the statusof each terminal 14, a password PW is sent to any one of the terminals14 of a user U selected on the basis of the status. The informationprocessing device 12 receives a password PW from any one of theterminals 14 of the user and authenticates the user thereby improvingauthentication accuracy.

An example of an information processing device 12 is one or morecomputer at a financial institution functioning as a web server forauthenticating and providing internet banking services to terminals 14.Another example of an information processing device 12 is one or morecomputer functioning as a web server providing user authenticationservices at an IT services company. One of these information processingdevices 12 sends a password PW to a terminal 14 in a group of two ormore terminals 14, and the password PW is entered using the otherterminal 14 in order to provide two-factor authentication ormulti-factor authentication for authenticating the user.

The terminal 14 can be a computer such as a smartphone, a watch withcommunication functions, a car navigation system, or a tablet. Eachterminal 14 belongs to either user Ua, Ub or Uc. Here, a single userowns a plurality of terminals 14. When the terminals do not have to bedifferentiated, the terminals are denoted simply by the reference symbol“14”. Terminals denoted by the reference symbols “14 a”, “14 b” and “14c” belong, respectively, to users Ua, Ub and Uc. When differentiatingthe terminals of each user, for example, the reference symbols for userUa are “14 an” where n=1, 2, etc.

FIG. 2 is a configuration example of an entire information processingdevice 12. As shown in FIG. 2, the information processing device 12 hasa device control unit 20 and a storage unit 22.

The device control unit 20 includes a processing device such as acentral processing unit (CPU). The device control unit 20 includes aprogram sending unit 30, registration unit 32, request receiving unit34, status acquiring unit 36, selection unit 38, password sending unit40, and verification unit 42. The device control unit 20 reads a programstored in the storage unit 22 to function as the program sending unit30, registration unit 32, request receiving unit 34, status acquiringunit 36, selection unit 38, password sending unit 40, and verificationunit 42. The program sending unit 30, registration unit 32, requestreceiving unit 34, status acquiring unit 36, selection unit 38, passwordsending unit 40, and verification unit 42 can be configured wholly or inpart using hardware such as circuitry.

The program sending unit 30 sends a status acquiring program to aterminal 14 for acquiring the status of the terminal 14. For example,when a send request for a status acquiring program is received, theprogram sending unit 30 acquires the status acquiring program from thestorage unit 22. The program sending unit 30 then sends, via the network16, the status acquiring program or a terminal application including thestatus acquiring program to the terminal 14 making the send request.

The registration unit 32 registers terminals 14 on which the statusacquiring program has been installed as candidate terminals 14 forreceiving a password PW. For example, the registration unit 32 acquiresa user ID identifying a user U from a terminal 14 via the network 16,associates the user ID with information on the terminals 14 of the userU, stores the associated information in the storage unit 22, andregisters the terminal 14 as a candidate for receiving a password PW.

The request receiving unit 34 receives password send requests. Forexample, when a user terminal 14 requests authentication by aninformation processing device 12, the request receiving unit 34 receivesa password send request via the network 16 from the terminal 14 whichhas been registered in the storage unit 22. When the request receivingunit 34 has received a password send request, it notifies the statusacquiring unit 36.

The status acquiring unit 36 acquires the status of one or moreterminals 14. For example, when the status acquiring unit 36 acquiresinformation from the request receiving unit 34 indicating that apassword send request has been received from a terminal 14 registered inthe storage unit 22, the status of the terminal 14 is received via thenetwork 16.

The selection unit 38 selects, on the basis of the status acquired fromone or more terminals 14, at least one item selected from among theterminal 14 to receive the password PW, the communication method withthe terminal 14, and the method used by the terminal 14 to input thepassword PW. The selection unit 38 has a risk determining unit 44 and adeciding unit 46.

The risk determining unit 44 determines, on the basis of the status ofthe terminal 14, at least one item selected from among a candidate forthe terminal 14 to receive the password PW, a candidate for thecommunication method with the terminal 14, and a candidate for themethod used by the terminal 14 to input the password PW. The riskdetermining unit 44 outputs the results of this determination to thedeciding unit 46.

The deciding unit 46 decides, on the basis of the results determined bythe risk determining unit 44, at least one item selected from among theterminal 14 to receive the password PW, the communication method withthe terminal 14, and the method used by the terminal 14 to input thepassword PW. The deciding unit 46 outputs the results of the decision tothe password sending unit 40.

The password sending unit 40 sends via the network 16, on the basis ofthe decision by the deciding unit 46, a password PW to the terminal 14designated to receive the password PW. An example of a password PW sentby the password sending unit 40 is a one-time password used only forauthentication purposes generated by the information processing device12 in response to an authentication request. The password sending unit40 outputs the password PW to the verification unit 42.

The verification unit 42 acquires the password PW via the network 16from the terminal 14 and determines whether or not the password PWmatches the one sent by the password sending unit 40. When the passwordsPW match, the verification unit 42 authorizes access for the terminal14.

The storage unit 22 stores programs executed by the informationprocessing device 12, and information and parameters needed to executethe programs.

FIG. 3 is a configuration example of a terminal 14. As shown in FIG. 3,the terminal 14 has a terminal control unit 50, a display unit 52, aninput means 54, and a storage unit 56.

The terminal control unit 50 includes a processing device such as a CPU.The terminal control unit 50 includes a status sending unit 60, inputunit 62, and communication unit 64. The terminal control unit 50 readsthe status acquiring program sent via the network 16 by the programsending unit 30 of the information processing device 12 and stored inthe storage unit 56 to function as the status sending unit 60, inputunit 62, and communication unit 64. The status sending unit 60, inputunit 62, and communication unit 64 can be configured in whole or in partfrom hardware such as circuitry. Some of the terminals 14 include astatus sending unit 60 and a communication unit 64, while others includea status sending unit 60, input unit 62, and communication unit 64.

The status sending unit 60 sends the status of the terminal 14 to theinformation processing device 12 via the network 16. For example, thestatus sending unit 60 sends the status of a terminal 14 to the statusacquiring unit 36 of the information processing device 12. Examples ofthe status of a terminal 14 include information related to the WiFi(registered trademark) of the terminal 14 to determine whether there arelocal risks, information related to applications installed on theterminal 14 to determine the risk from malware and maliciousapplications that illicitly divulge information, and information relatedto the version of the operating system (OS) and other applications todetermine the risk to the device itself.

The input unit 62 allows a password PW to be inputted by the user Uusing the input method for the password PW selected by the informationprocessing device 12 on the basis of the status of the terminal 14 whichis received via the network 16. For example, the input unit 62 allowsthe user U to input the password PW by key input via an input means 54such as a touch panel. The input unit 62 may also allow the user U toinput the password PW by voice via an input means 54 such as amicrophone. The input unit 62 may display the input method on thedisplay unit 52 to notify the user U, or the input method may beannounced over a speaker to notify the user U. The input unit 62 outputsthe inputted password PW to the communication unit 64.

The communication unit 64 receives the password PW at the informationprocessing unit 12 using a communication method with the terminal 14that was selected by the information processing device 12 on the basisof the status of the terminal 14. The communication unit 64 also usesthe communication method to send to the information processing device 12via the network 16 the password PW provided earlier to the user U by theinformation processing device 12.

The display unit 52 displays a screen based on information inputted fromthe terminal control unit 50. For example, the display unit 52 displaysa screen related to the password PW and the information method acquiredfrom the input unit 62.

The input means 54 receives input from the user U. For example, theinput means 54 include a keyboard input device such as a keyboard ortouch panel, and a microphone for inputting voice messages. The inputmeans 54 convert input received from the user U into electrical signals,and output these electrical signals to the input unit 62.

The storage unit 56 stores programs executed by the terminal 14, andinformation and parameters needed to execute the programs.

FIG. 4 is a flowchart of the confirmation process performed by theinformation processing device 12 on the terminal 14. FIG. 5 is anexample of a terminal status table storing the statuses of terminals 14.FIG. 6 is an example of a terminal status table including riskdetermination results on the statuses of terminals 14. FIG. 7 is anexample of application information including application riskconfigurations.

As shown in FIG. 4, when the confirmation process has started, therequest receiving unit 34 in the information processing device 12determines whether a password send request has been received from aterminal 14 (S110). The request receiving unit 34 goes into standby modeuntil a password send request is received (S110: No). When a passwordsend request is sent along with a user ID and a terminal ID by thecommunication unit 64 in a terminal 14 such as terminal 14 a 1 (Sa510)and the password send request has been received by the request receivingunit 34 (S110: Yes), a password PW is generated and stored in thestorage unit 22 (S120). An example of a password PW generated at thistime is a one-time password. For example, the request receiving unit 34generates a four-digit PIN (personal identification number) “2434” as apassword PW.

Next, the status acquiring unit 36 receives the status of the terminal14 (S130). More specifically, the status acquiring unit 36 searches thestorage unit 22 for terminal 14 of the user U that is identical to theterminal 14 sending the password send request. The registration unit 32has stored in the storage unit 22 the information shown in FIG. 5related to the terminal 14 associates the user ID of the user U with theterminal ID. The status acquiring unit 36 requests the status of theterminal 14 from some or all of the terminals 14 registered by the userU.

In the terminal 14, the status sending unit 60 sends the status of theterminal 14 when a status request is received by the terminal 14 fromthe information processing device 12 (Sa610).

In the information processing device 12, the status acquiring unit 36acquires the status of each terminal 14 (S140). For example, the statusacquiring unit 36 acquires the status of each terminal 14 as indicatedin the terminal status table shown in FIG. 5.

For example, the status acquiring unit 36 acquires the status of aterminal 14 according to the terminal status table shown in FIG. 5. Thestatus of the terminal 14 includes the OS version, rooting indicatingwhether or not the device can be manipulated using an administrator'saccount, application identification information Appm (m=1, 2, etc.),WiFi information, input methods, communication methods, and the userpolicy. The OS version can be the update status of the program installedin the terminal 14. Application identification information Appm can beprogram identification information identifying the applicationsinstalled on the terminal 14.

In the example of a terminal status table shown in FIG. 5, the statusacquiring unit 36 acquires information indicating that the OS version ofterminals 14 a 1, 14 a 2 and 14 a 4 is A_1.09, which is the latestversion, while the OS version of terminal 14 a 3 is A_1.02, which hasnot been modified by the latest batch files.

The status acquiring unit 36 also acquires information indicating thatterminal 14 a 4 is rooted, and that the remaining terminals 14 a 1, 14 a2, 14 a 3 are not rooted.

The status acquiring unit 36 also acquires information indicating thatapplication App1 and application App2 have been installed in terminal 14a 1, and that application App1 and application App3 have been installedon terminal 14 a 2.

The status acquiring unit 36 also acquires information indicating thatterminals 14 a, 14 a 2 and 14 a 3 are connected to the network via phoneWiFi, and that terminal 14 a 4 is connected to the network via homeWiFi.

The status acquiring unit 36 also acquires information indicating thatterminal 14 a 1 can receive key input via a keyboard or touch panel andvoice input via a microphone. The status acquiring unit 36 also acquiresinformation indicating that terminal 14 a 2 can communicate via SMS andOS message, terminal 14 a 3 can communication via OS message, and thatterminal 14 a 4 can communication via voice call.

The status acquiring unit 36 also acquires user policy informationindicating that their users have set up terminals 14 a 1, 14 a 2, 14 a 3for use in the authentication process, but that the user of terminal 14a 4 has not set up the device for use in the authentication process.

The status acquiring unit 36 associates the user IDs of each user U (Ua,Ub, etc.) with the terminal IDs of terminals 14 (d1, d2, etc.), storesthe status of the terminals 14 in the storage unit 22, and outputs thisinformation to the risk determining unit 44 of the selection unit 38. Inthe present embodiment, the terminal ID of terminal 14 a 1 is “d1”, theterminal ID of terminal 14 a 2 is “d2”, the terminal ID of terminal 14 a3 is “d3”, and the terminal ID of terminal 14 a 4 is “d4”.

The risk determining unit 44 determines the risk of each terminal 14 onthe basis of the status of the terminal 14 acquired from the statusacquiring unit 36.

More specifically, the risk determining unit 44 first determines thelocal risk of the terminal 14 (S150). The local risk is determined bythe risk determining unit 44 based on whether or not the proximity ofthe terminal 14 a 1 making the request to other terminals 14 a 2, 14 a3, 14 a 4 satisfies predetermined criteria using the WiFi status of eachterminal 14. In the example of a terminal status table shown in FIG. 6,the WiFi status of the terminal 14 a 1 making the request and terminals14 a 2 and 14 a 2 is phone WiFi, meaning they are using the same WiFi.In this case, the risk determining unit 44 determines whether or not theterminal 14 a 1 making the request and terminals 14 a 2 and 14 a 2satisfy predetermined criteria on nearness to each other (=Near), whichindicates tow risk. On the other hand, the risk determining unit 44determines that terminal 14 a 4 using home WiFi, which is different WiFifrom the other terminals 14 a 1, 14 a 2, 14 a 3 does not satisfy thepredetermined criteria. It is far from the other terminals 14 a 1, 14 a2, 14 a 3 (=Far), which indicates high risk.

The risk determining unit 44 then determines the risk from applicationson the terminals 14 (S160). For example, the risk determining unit 44determines the risk from applications on each terminal 14 on the basisof application information stored in the storage unit 22.

An example of application information, as shown in FIG. 7, associatesapplication IDs with the risk configuration of each application, and theresults indicating whether or not malware has been discovered in theapplication. For example, applications App1, App4 and App5 do not have arisk configuration and no malware is present.

Application App2 includes a key logger for acquiring the internal log ofkey inputs as a risk configuration, and is registered as malware. Theinformation related to the key logger is an example of permissioninformation indicating whether or not an application installed in theterminal 14 has permission to intercept the input method candidate forthe password PW.

Application App3 has read permission enabling short message service(SMS) messages to be read as a risk configuration, and is registered asmalware. Information related to read permission is an example ofpermission information indicating whether or not an applicationinstalled in the terminal 14 permits has permission to intercept thecommunication method candidate for the password PW. Another example ofpermission information relates to screen captures intercepting the entryof a password PW.

The risk determining unit 44 determines that application App2 interminal 14 a 1 and application App3 in terminal 14 a 2 are risky. Arisk flag is established for applications App2 and App3, and the riskconfigurations associated with applications App2 and App3 are stored.

The risk determining unit 44 then determines the risk of each terminal14 as a device (S170). For example, the risk determining unit 44determines the risk based on whether or not the OS installed in theterminal 14 has been upgraded to a predetermined version. An example ofa predetermined version is the latest version. The risk determining unit44 determines that the risk from terminals 14 a 1, 14 a 2 and 14 a 4,which include A_1.09, or the latest version of the OS, is low, while therisk from terminal 14 a 3, which includes A_1.02, or an old version ofthe OS, is high. The risk determining unit 44 may determine the risk asa device from the presence or absence of rooting in each terminal 14.The risk determining unit 44 determines that the risk from unrootedterminals 14 a 1, 14 a 2 and 14 a 3 is low, while the risk from rootedterminal 14 a 4 is high.

The risk determining unit 44 stores in the storage unit 22 thecomprehensive risk determination results for each terminal 14 based onits status (S180). For example, the risk determining unit 44 determinesthat the key input risk for terminal 14 a 1 is high (=High) becauseapplication App2 has a key logger, but that the voice input risk is low(=Low). Similarly, the risk determining unit 44 determines that the riskfrom the SMS communication method is high in terminal 14 a 2 becauseapplication App3 has SMS read permission, but that the risk from the OSmessage communication method is low. The risk determining unit 44determines that the risk from terminal 14 a 3 is high because it has anold version of the OS. The risk determining unit 44 determines that therisk to terminal 14 a 4 is high because terminals 14 a 1, 14 a 2 and 14a 3 are farther away based on the WiFi.

The risk determining unit 44 may determine only some of the risks to theterminals 14. For example, the risk determining unit 44 may store inadvance some or all of the determined risks to each terminal 14 in thestorage unit 22, and only results related to recently determined risks.

The deciding unit 46 decides on the password PW exchange systems basedon the results determined by the risk determining unit 44 (S190). Here,the term exchange system refers to the terminal 14 used to send apassword PW, the terminal 14 used to enter the password PW, the methodused to enter the password PW in the terminal 14, the method used by theinformation processing device 12 to communicate with the terminal 14,and the method used by the terminal 14 to communicate with theinformation processing device 12.

For example, the deciding unit 46 decides, on condition that theproximity in the risk results meets predetermined criteria and from theOS version, which terminal 14 among a plurality of terminals 14 is toreceive the password PW. In the example of the terminal status tableshown in FIG. 6, the deciding unit 46 selects terminal 14 a 2 to receivethe password PW because the proximity of the terminal meetspredetermined criteria.

The deciding unit 46 also selects, based on the permission informationacquired from the terminal 14, either a communication method with theterminal 14 or a password PW inputting method for the terminal 14 whichcannot be intercepted by an application. In the example of the terminalstatus table shown in FIG. 6, the deciding unit 46 selects OS message asthe communication method used by the information processing device 12 tosend the password PW to terminal 14 a 2, and not SMS which can be readand intercepted by application App3 in the terminal 14 a 2 which hasread permission. The deciding unit 46 selects terminal 14 a 1 as theterminal 14 used to enter the password PW. The deciding unit 46 selectsvoice input as the method used to enter the password PW in terminal 14 a1, and not key input, because application App2, which has a key logger,can record the log and intercept the password. The deciding unit 46selects SMS as the communication method used by the terminal 14 a 1 tosend the password PW to the information processing device 12. Note thatthe deciding unit 46 can decide, based on the risk determination resultsrelated to the OS version, on the communication method with a terminal14 and the password PW input method used by a terminal 14.

The password sending unit 40 on the sending end sends the exchangesystem and the password PW to terminal 14 a 2, and outputs the passwordPW to the verification unit 42 (S200). When the deciding unit 46 hasdetermined that the selection of the candidate for the terminal 14 toreceive the password PW, the candidate for the communication method withthe terminal 14, and/or the candidate for the method for inputting thepassword into the terminal 14 exceeds a predetermined criterion, thepassword sending unit 40 on the sending end may notify the terminal 14that a password PW cannot be sent.

When the terminal 14 a 2 receives an exchange system and password PW,the input unit 62 notifies the user Ua of the password PW (Sa710). Theinput unit 62 may, for example, display the exchange system and thepassword PW on the display unit 52. The input unit 62 may also announcethe exchange method and the password PW by voice over the speaker.

Along with the password PW, the input unit 62 notifies the user of theinput method in the exchange system (Sa720). Here, the input methodincludes the terminal 14 a 1 used to enter the password PW, the inputmeans 54 such as keys or a microphone for entering the password PW, andthe application used for key input.

The terminal 14 a 1 designated to input the password PW remains instandby mode until the user Ua enters the password PW (Sa810: No). Whenthe user Ua enters the password PW provided in Step Sa710 using thedesignated input means 54, the input unit 62 acquires the password PWfrom the input means 54 and outputs it to the communication unit 64(Sa810: Yes).

The communication unit 64 sends the password PW obtained from the inputunit 62 to the information processing device 12 (Sa820).

When the information processing device 12 receives the password PW, theverification unit 42 verifies the password PW to determine whether ornot the terminal 14 a 1 sending the password PW has been authenticated(S210). When the password PW matches the password PW sent in Step S200,the verification unit 42 authenticates the terminal 14 a 1 sending thepassword PW (S210: Yes), and ends the authentication process.Afterwards, the information processing device 12 receives each processperformed by the user such as a fund transfer in internet banking. Whenthe password PW does not match the password PW sent in Step S200, theverification unit 42 does not authenticate the terminal 14 a 1 sendingthe password PW (S210: No), and the process is repeated from Step S120.The authentication process may also be ended when the verification unit42 has not authenticated the terminal 14 a 1.

As mentioned above, the selection unit 38 in the information processingdevice 12 selects, on the basis of the status of each terminal 14acquired by the status acquiring unit 36, the terminal 14 to receive thepassword PW, the communication method with the terminal 14, and themethod used by the terminal 14 to enter the password PW. By having theselection process performed by the information processing device 12, therisk of the password PW being leaked can be reduced compared to asituation in which the user selects the terminal 14 to send thepassword. As a result, the accuracy of password PW authentication can beimproved based on the status of the terminal 14.

More specifically, in the information processing device 12, the riskdetermining unit 44 determines the risk on the basis of the proximity ofterminals 14 to each other, and the deciding unit 46 determines theterminal 14 to receive the password PW based on the results of the riskdetermination. In this way, the information processing device 12 cansend the password PW to a terminal 14 some distance from anotherterminal 14 that has, for example, been stolen, and the leaking ofpasswords PW can be further suppressed.

In the information processing device 12, the risk determining unit 44determines the risk from applications, and the deciding unit 46 decides,based on the results of the risk determination, on the communicationmethod and the input method for the password PW. In this way, theinformation processing device 12 can reduce the instances of passwordsPW being intercepted during communication and passwords PW beingintercepted during input by malicious applications, and the leaking ofpasswords PW can be further suppressed.

In the information processing device 12, the risk determining unit 44determines the risk from the OS version and rooting, and the decidingunit 46 decides, based on the results of the risk determination, theterminal 14 to receive the password PW. In this way, the leaking ofpasswords PW caused by sending passwords PW to vulnerable terminals 14can be suppressed by the information processing device 12.

The following is an explanation of partially modified embodiments. Here,the relationship between components and the devices exchanginginformation in the embodiment described above may be changed as needed.

Here, the status acquiring unit 36 may acquire the status of a terminal14 at different times. This can reduce the amount of communication andcommunication times compared to situations in which the status acquiringunit 36 acquires the status of a terminal 14 each time authentication isperformed using a password PW. Here, the selection unit 38 may select,based on an acquired status history, at least one item from a groupincluding the terminal 14 to receive the password, the communicationmethod with the terminal 14, and the method used by the terminal 14 toenter the password.

In addition to those mentioned above, applicable communication methodsalso include a mobile phone network, wireless LAN such as WiMAX(registered trademark), mobile voice, email, and the web.

FIG. 8 is another example of statuses of terminals 14. As shown in FIG.8, the status of each terminal 14 includes location information detectedby GPS. Here, the risk determining unit 44 calculates the distancesbetween each terminal 14 based on location information or a locationinformation history, and determines whether or not the proximity exceedsa predetermined criterion. More specifically, when the distance does notexceed a predetermined criterion, the risk determining unit 44determines that the proximity between terminals 14 is high. The riskdetermining unit 44 may also determine proximity based on whether eachterminal 14 is connected to the same base station or communicationstation. More specifically, when each terminal 14 is using the same basestation, the risk determining unit 44 determines that the proximitybetween the terminals 14 is high.

The risk determining unit 44 may determine the proximity betweenterminals 14 based on the vibration history of each terminal 14. Here, avibration sensor is installed in each terminal 14, and the history ofvibration information detected by the vibration sensors is acquired bythe status acquiring unit 36 as the status of the terminal 14, andoutputted to the risk determining unit 44. When terminals 14 have asimilar history of vibration information, the risk determining unit 44determines that they are close to each other and have a high proximityto each other. In this way, the risk determining unit 44 can determinethat the terminals 14 are owned by one person, are close to each other,and have a high proximity to each other. The risk determining unit 44may determine the proximity between terminals 14 based on thetemperature history of each terminal 14. For example, the riskdetermining unit 44 may determine that the proximity between terminals14 with a similar temperature history is high. The risk determining unit44 may also determine the proximity between terminals 14 based on thehistory of near field communication (NEC) between the terminals 14.

In the embodiment described above, the selection unit 38 selected all ofthe items in a group including the terminal 14 to receive the passwordPW, the communication method with the terminal 14, and the method usedby the terminal 14 to enter the password PW. However, selection unit 38may select at least one of these items.

In the embodiment described above, the status acquiring unit 36 acquiredthe status of terminals 14, and the risk determining unit 44 used theagent system to determine the risk of each terminal 14 on the basis ofthe status of the terminal 14. However, the risk to a terminal 14 mayalso be diagnosed using a remote scanner, or a diagnostic program suchas a program written in JavaScript (registered trademark).

FIG. 9 shows an example of a hardware configuration for a computer 1900related to the present embodiment. The computer 1900 related to thepresent embodiment is an example of an information processing device 12and terminal 14. The computer 1900 in the present embodiment is equippedwith a CPU peripheral portion having a CPU 2000, RAM 2020, graphicscontroller 2075 and display unit 2080 connected to each other by a hostcontroller 2082, an input/output portion having a communicationinterface 2030, and a hard disk drive 2040 connected to the hostcontroller 2082 by an input/output controller 2084, and a legacyinput/output portion having a ROM 2010, memory drive 2050, andinput/output chip 2070 connected to the input/output controller 2084.

The host controller 2082 is connected to RAM 2020, a CPU 2000 accessingthe RAM 2020 at a high transfer rate, and a graphics controller 2075.The CPU 2000 is operated on the basis of a program stored in the ROM2010 and the RAM 2020, and controls the various units. The graphicscontroller 2075 acquires the image data generated in the frame buffer ofthe RAM 2020 by the CPU 2000 and other units, and displays this imagedata on the display unit 2080. Alternatively, the graphics controller2075 can include a frame buffer for storing image data generated by theCPU 2000 and other units.

The input/output controller 2084 is connected to a host controller 2082,a communication interface 2030 serving as a relatively high-speedinput/output device, and a hard disk drive 2040. The communicationinterface 2030 communicates with the other devices via a network. Thehard disk drive 2040 stores the programs and data used by the CPU 2000in the computer 1900.

The input/output controller 2084 is connected to the ROM 2010, thememory drive 2050, and the relatively low-speed input/output device ofthe input/output chip 2070. The ROM 2010 stores the boot programexecuted by the computer 1900 at startup and/or programs relying onhardware in the computer 1900. The memory drive 2050 reads programs ordata from a memory card 2090, and provides the programs and data to thehard disk drive 2040 via the RAM 2020. The input/output chip 2070connects the memory drive 2050 to the input/output controller 2084, andvarious types of input/output device are connected to the input/outputcontroller 2084 via a parallel port, serial port, keyboard port, ormouse port, etc.

A program provided to the hard disk drive 2040 via the RAM 2070 isstored on a recording medium such as a memory card 2090 or an IC cardprovided by the user. A program is read from the recording medium,installed in the hard disk drive 2040 inside the computer 1900 via theRAM 2020, and executed by the CPU 2000.

Programs installed in the computer 1900 to enable the computer 1900 tofunction as an information processing device 12 include a programsending module, registration module, request receiving module, statusacquiring module, selection module, password sending module, andverification module. Those programs or modules work with the CPU 2000and other components to cause the computer 1900 to function as theprogram sending unit 30, registration unit 32, request receiving unit34, status acquiring unit 36, selection unit 38, password sending unit40, and verification unit 42.

The information processing steps written in these programs are specificmeans activated by reading the programs to the computer 1900 so that thesoftware cooperates with the various types of hardware resourcesdescribed above. These specific means function as a program sending unit30, registration unit 32, request receiving unit 34, status acquiringunit 36, selection unit 38, password sending unit 40, and verificationunit 42. These specific means realize operations and the processing ofinformation in the computer 1900 of the present embodiment to constructa dedicated information processing device 12 for the intended purpose.

Programs installed in the computer 1900 to enable the computer 1900 tofunction as a terminal 14 include a status sending module, an inputmodule, and a communication module. Those programs or modules work withthe CPU 2000 and other components to cause the computer 1900 to functionas a status sending unit 60, an input unit 62, and a communication unit64.

The information processing steps written in these programs are specificmeans activated by reading the programs to the computer 1900 so that thesoftware cooperates with the various types of hardware resourcesdescribed above. These specific means function as the status sendingunit 60, input unit 62, and communication unit 64. These specific meansrealize operations and the processing of information in the computer1900 of the present embodiment to construct a dedicated terminal 14 forthe intended purpose.

For example, when the computer 1900 communicates with an externaldevice, the CPU 2000 executes the communication program loaded in theRAM 2020, and instructs the communication interface 2030 in thecommunication processing on the basis of the processing contentdescribed in the communication program. The communication interface 2030is controlled by the CPU 2000, and reads the transmitted data stored inthe transmission buffer region of a memory device such as the RAM 2020,hard disk drive 2040, or memory card 2090, or writes reception datareceived from the network to a reception buffer region of the storagedevice. In this way, the communication interface 2030 exchanges datawith a storage device using the direct memory access (DMA) method.Alternatively, the CPU 2000 may exchange data by retrieving data fromthe source storage device or communication interface 2030, and writingthe data to the destination communication interface 2030 or storagedevice.

Also, the CPU 2000 writes all of the data or the necessary data to theRAM 2020 via, for example, a DMA transfer, from files or databasesstored in an external storage device such as a hard disk drive 2040 or amemory drive 2050 (memory card 2090), and performs various types ofprocessing on the data in the RAM 2020. The CPU 2000 then writes theprocessed data to an external storage device via, for example, a DMAtransfer. Because the RAM 2020 temporarily stores the contents of theexternal storage device during this process, the RAM 2020 and theexternal storage device are generally referred to in the presentembodiment ax memory, a storage unit, or a storage device. The varioustypes of information in the programs, data, tables and databases of thepresent embodiment are stored in these memory devices, and are thetargets of information processing. The CPU 2000 can hold some of the RAM2020 in cache memory, and read and write data to the cache memory. Here,the cache memory performs some of the functions of the RAM 2020.Therefore, this division is excluded in the present embodiment. Cachememory is included in the RAM 2020, the memory, and/or the storagedevice.

The CPU 2000 also performs various types of processing on data read fromthe RAM 2020 including the operations, processing, conditiondetermination, and information retrieval and substitution described inthe present embodiment and indicated by a sequence of instructions inthe program, and writes the results to the RAM 2020. For example, whenperforming a condition determination, the CPU 2000 compares varioustypes of variables described in the present embodiment to othervariables or constants to determine whether or not conditions such asgreater than, less than, equal to or greater than, equal to or less thanor equal to have been satisfied. When a condition has been satisfied (ornot satisfied), the process branches to a different sequence ofinstructions or calls up a subroutine. The CPU 2000 can also searchfiles in a storage device or information stored in a database.

A program or module described above can be stored in a recording mediumof an external unit. Instead of a memory card 2090, the recording mediumcan be an optical recording medium such as a MID or CD, amagneto-optical recording medium such as MO, a tape medium, or asemiconductor memory such as an IC card. The recording medium can alsobe a storage device such as a hard disk or RAM provided in a serversystem connected to a dedicated communication network or the internet,and the program can be provided to the computer 1900 via the network.

The present invention was explained using an embodiment, but thetechnical scope of the present invention is not limited to theembodiment described above. The possibility of many changes andimprovements to this embodiment should be apparent to those skilled inthe art. Embodiments including these changes and improvements are withinthe technical scope of the present invention, as should be clear fromthe description of the claims.

The order of execution for operations, steps and processes in thedevices, systems, programs and methods described in the claims,description and drawings was described using terms such as “previous”and “prior”. However, these operations, steps and processes can berealized in any order as long as the output of the previous process isused by the subsequent process. The operational flow in the claims,description and drawing were explained using terms such as “first” and“next” for the sake of convenience. However, the operational flow doesnot necessarily have to be executed in this order.

The invention claimed is:
 1. An information processing device forsending a password to a terminal, the information processing devicecomprising: a memory; and a computer processor, wherein the processor isconfigured to: receive a password send request; acquire the status of aterminal, the status including information determining the proximity ofthe terminal sending the password send request and another terminal,determine whether the other terminal is to serve as the destination ofthe password on a condition that the proximity of the terminal to theother terminal meets a predetermined criterion, wherein thepredetermined criterion is that the terminal and the other terminal arein the same geographical proximity; select, on the basis of the acquiredstatus, at least one item from a group including the terminal serving asthe destination of the password, the communication method with theterminal, and the method for inputting the password in the terminal; andselect either a communication method or an input method unable to beintercepted by a program identified by program identificationinformation acquired from the terminal, wherein the communication methodor the input method unable to be intercepted by the identified programincludes changing the input of the password from short message service(SMS) to OS messaging.
 2. The information processing device according toclaim 1, wherein the computer processor is further configured to:determine a risk, on the basis of the status, the risk being associatedwith at least one item from the group including the terminal serving asthe destination of the password, the communication method with theterminal, and the method for inputting the password in the terminal; andverify, on the basis of the results of the risk determination, at leastone item from the group including the terminal serving as thedestination of the password, the communication method with the terminal,and the method for inputting the password in the terminal.
 3. Theinformation processing device according to claim 1, wherein the computerprocessor is further configured to: acquire the status of a plurality ofterminals; and determine, on the basis of the acquired status of eachterminal, the terminal serving as the destination of the password amongthe plurality of terminals.
 4. The information processing deviceaccording to claim 1, wherein the computer processor is furtherconfigured to: acquire a status including program identificationinformation for identifying a program installed in the terminal.
 5. Theinformation processing device according to claim 4, wherein the computerprocessor is further configured to: determine, on the basis of programidentification information acquired from the terminal, whether or notthe terminal is to serve as the destination of the password.
 6. Theinformation processing device according to claim 4, wherein the computerprocessor is further configured to: acquire a status also includingpermission information indicating whether or not a communication methodor an input method is permitted to be intercepted by a program installedin the terminal; and select, on the basis of the permission informationacquired from the terminal, either the communication method or the inputmethod unable to be intercepted by the program.
 7. The informationprocessing device according to claim 6, wherein the computer processoris further configured to: acquire a status also including the updatestatus of a program installed in the terminal; and select at least oneitem from a group including the terminal serving as the destination ofthe password, the communication method with the terminal, and the methodfor inputting the password in the terminal, on the basis of whether ornot the program installed on the terminal has been updated to apredetermined version.
 8. The information processing device according toclaim 1, wherein the computer processor is further configured to:acquire the status of the terminal at different times; and select, onthe basis of the acquired status history, at least one item from a groupincluding the terminal serving as the destination of the sent password,the communication method with the terminal, and the method for inputtingthe password in the terminal.
 9. The information processing deviceaccording to claim 1, wherein the computer processor is furtherconfigured to: send a status acquiring program to the other terminal inorder to acquire the status of the other terminal; and register theother terminal, including the installed status acquiring program, as acandidate for the terminal serving as the destination of the password.10. The information processing device according to claim 2, wherein thecomputer processor is further configured to: send the password to theterminal serving as the destination of the password according to thecomputer processor; and notify the terminal that the password cannot besent when the risk associated with at least one item from a groupincluding the terminal serving as the destination of the password, thecandidate communication method with the terminal, and the candidatemethod for inputting the password in the terminal exceeds apredetermined criterion.
 11. The information processing device accordingto claim 1, wherein the computer processor is further configured to:acquire the status of a third terminal and a fourth terminal, whereineach terminal is a mobile device connected to a local network; determinethat the terminal, the other terminal, the third terminal, and thefourth terminal are all connected to the local network; identify thatthe other terminal, the third terminal, and the fourth terminal includea voice calling application, wherein the voice calling application isthe method for inputting the password in the other terminal, the thirdterminal, and the fourth terminal; and determine to send the password tothe terminal as a short message service (SMS) text message, wherein theSMS text message is determined to be an input method unable to beintercepted by the other terminal, the third terminal, and the fourthterminal in response to identifying the voice calling application on theother terminal, the third terminal, and the fourth terminal.